The PhishLabs Blog

Beyond the Top 5 Industries Most Impacted by Social Engineering

In this year’s annual Phishing Trends and Intelligence report, we identified phishing sites targeting more than 1,200 different brands belonging to 773 parent institutions. The top five targeted industries accounted for 83.9% of total phishing volume. There are two big takeaways from this finding: financial institutions are back on top, and every industry is still at risk.

Through our analysis we tracked dozens of different industries that are directly targeted and impacted by phishing. However, even when a particular industry, real estate for example, makes up less than a single percent of all targeted volume, it is still at risk. Let me explain why. Within that real estate group or agency, there can be anywhere from one to dozens or hundreds of employees.

Each of those employees:

Has bank accounts or accounts with other financial institutions

Uses email

Stores files in cloud storage platforms

Uses online payment service systems

Probably uses some form of software as a service (SaaS) platform

The five industries named above are the most targeted and account for nearly 84 percent of all phishing volume, which means that even though real estate brands may be directly abused less often in social engineering attacks, the users who work there are still at risk. The firm's accountant can still be targeted by BEC attacks, the marketing team could get a fake Adobe phishing email, and the office admin might be sent a malicious email posing as their bank.

Here’s a closer look at how the top five most targeted industries compare to one another:

Financial Institutions: 28.8%

Email: 24.1%

Cloud: 12.6%

Payment Services: 11.1%

SaaS: 7.2%

Compared to last year, financial institutions are now back on top. Previously, email, which accounted for 26.1% of phishing volume, held the top place over financial institutions, which were at around 20.5%.

Payment Services saw a decline in their overall share of the pie, but still saw an increase in volume. They moved from 16.1% down to 11.1% in the past year. Both Cloud Storage and SaaS remained relatively the same in the past two years. To further highlight the overall shift, though Cloud Storage remained the same, the volume of attacks rose by 48%.

Increasing Shares

After being displaced by email/online services in 2017, financial institutions are back on top as the single most targeted industry. While the financial industry’s share of global volume has fluctuated each year, the volume of attacks has consistently risen.

Financial Industry

| Year | Phishing Volume |
|------|-----------------|
| 2018 | 28.9% |
| 2017 | 21.1% |
| 2016 | 24% |
| 2015 | 29% |

Software-as-a-Service (SaaS)

Meanwhile, as the SaaS industry has acquired more users, it has also seen a steady increase in volume and share.

| Year | Phishing Volume |
|------|-----------------|
| 2018 | 7.1% |
| 2017 | 6.4% |
| 2016 | 1.7% |
| 2015 | 0.7% |

Decreasing Shares

As the only top five targeted industry to see a decline in phishing volume (-0.1%), payment services dropped into fourth place overall.

| Year | Phishing Volume |
|------|-----------------|
| 2018 | 11.1% |
| 2017 | 15.6% |
| 2016 | 14.9% |
| 2015 | 10.4% |

Ecommerce

The Ecommerce industry also dropped one position (into sixth overall), although it did see a 2% increase in phishing volume.